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ABSTRACT: 

A method and apparatus of securing access to a service manager for the administration of 
services residing on multiple service host computers from an administration server computer is 
described. A user identifier, such as a iteer'name, and a corresponding password are provided to 
the service manager. The user identifier is associated with a system administrator having 
administrative access to the services. The service manager authenticates the user by comparing 
the user identifier and password against a list of user identifiers and corresponding passwords 
stored in a persistent memory. A list of services to which the system administrator has 
administrative access is derived from the data in persistent memory. When the system 
administrator makes a request to administer one or more services from the list of services, the 
administrator's access control is verified at the service host computers on which the requested 
services reside by examining access control data in the persistent memory. Management files are 
transferred from the service host computers to the administration server computer thereby 
facilitating manipulation of the management files utilizing the service manager. 
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(54) Authentication and access control in a management console program for managing services 
in a computer network 



(57) A method and apparatus of securing access to 
a service manager for the administration of services re- 
siding on multiple service host computers from an ad- 
ministration server computer is described. A user iden- 
tifier, such as a user name, and a corresponding pass- 
word are provided to the service manager. The user 
identifier is associated with a system administrator hav- 
ing administrative access to the services. The service 
manager authenticates the user by comparing the user 
identifier and password against a list of user identifiers 
and corresponding passwords stored in a persistent 



memory. A list of services to which the system adminis- 
trator has administrative access is derived from the data 
in persistent memory. When the system administrator 
makes a request to administer one or more services 
from the list of services, the administrator's access con- 
trol is verified at the service host computers on which 
the requested services reside by examining access con- 
trol data in the persistent memory. Management files are 
transferred from the service host computers to the ad- 
ministration server computer thereby facilitating manip- 
ulation of the management files utilizing the service 
manager. 
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Description 

BACKGROUND OF THE INVENTION 

1. FIELD OF THE INVENTION 5 

[0001] The present invention relates generally to 
computer software and computer network manage- 
ment. More specifically, the present invention relates to 
server-based management software and software reg- 10 
istration in a computer network. 

2. DISCUSSION OF RELATED ART 

[0002] In recent years, computer networks have is 
grown not only in size, such as number of users or ge- 
ographical coverage, but also in terms of the types of 
services and protocols a single network can provide and 
support. Many computer networks ailow end-users ac- 
cess to all types of services, such as perusing news 20 
services or accessing the Internet, and do not restrict 
users to one mandatory or required network communi- 
cation protocol. With the proliferation of services avail- 
able on some computer networks is the increasing bur- 
den on system or network administrators of managing 2s 
those services. A system administrator now typically 
has to install and manage software on several servers 
where each server typically hosts or provides one or 
more services to network users. Depending on the size 
of the network and the number of services, the day-to- 30 
day management, for example, installing, upgrading, 
and trouble-shooting, the software behind these servic- 
es can become a tedious, error-prone, and time-con- 
suming task for a system administrator. This is particu- 
larly true with regard to system administrators who are 35 
not familiar with the network, the servers, or the config- 
uration of those servers. 

[0003] In a large-scale computer network that pro- 
vides many types of services and applications as de- 
scribed above, there are typically several or many serv- 40 
er machines accessible by end-users or clients. The fact 
that there are multiple servers on the network is usually 
transparent to a typical end-user who is not normally 
concerned with the physical configuration of the net- 
work. A system administrator responsible for managing 45 
a computer network normally does so from a server and 
console, generically described as an administration 
server, such as a Web server. Figure 1 is a block dia- 
gram of a computer network having multiple servers ac- 
cessible by end-users and connected to an administra- so 
tion server not configured with the automated manage- 
ment capabilities of the present invention. A computer 
network 102 has an administrator console shown as cli- 
ent 1 04 connected to a Web or administrator server 1 06. 
Connected to Web server 106 are multiple ■service'' ss 
servers 108. From the perspective of administration 
server 106, servers 108 are referred to as management 
clients. Although from an end-user's perspective, they 
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are simply servers, where each server may have a par- 
ticular function or provide a particular service. 
[0004] When an update, installation, or any type of 
maintenance is done on application software residing 
on one of the servers 108 or a new server is added to 
network 1 02, the system administrator must modify soft- 
ware on administration server 106 accordingly. For ex- 
ample, if a new feature is installed on an existing mail 
server or a new mail server is being added, the admin- 
istrator must note or remember the location and other 
information of the new feature or server at the time of 
the update. The administrator installs a new application 
on a server 110. This information, including the location 
of any management modules of the new application, 
which can be in the form of a Uniform Resource Locator, 
must then be entered at console 104. Once manually 
entered at administrator console 104, the information 
needed to manage the new software or server is reflect- 
ed on administrator server 1 06. At this stage the location 
of any management modules on server 110 are availa- 
ble to the system administrator from administrator con- 
sole 104. The new mail feature from the example cannot 
be managed or properly configured by end users until it 
is "registered" with the administrator server 106. Admin- 
istration server 106 must know where to find the man- 
agement modules associated with the new mail feature 
on management clients 108 before end-users can begin 
using the software. 

[0005] This is an inefficient process for the adminis- 
trator and inconvenient for end-users who have come 
to expect new applications on their networks to be avail- 
able for use as soon as possible. This process is also 
error-prone since the administrator has to perform man- 
ual or non-automated tasks such as writing down infor- 
mation on the hew feature or server during installation, 
which must later be entered at a administrator console. 
This problem is exacerbated if there are dozens of serv- 
ers, each with many applications (e.g. 30 is not unusu- 
al), that have frequent updates, corrections, or new ver- 
sions that need to be installed in a timely and accurate 
manner. In this type of setting, managing network serv- 
ices can not only be inefficient, time-consuming, and er- 
ror-prone, but impractical. 

[0006] One problem with present Web server based 
networks typically having multiple service hosts is de- 
signing and implementing a user authentication mech- 
anism. A Web server based computer network, or any 
type of computer network, must have an authentication 
protocol or mechanism to ensure that a user can per- 
form only those operations or access those files the user 
is authorized to perform or access. In the case of man- 
aging services on the multiple service hosts, there can 
be more than one system administrator responsible for 
maintaining the services on those hosts. It is possible 
that certain administrators are not given complete au- 
thorization to perform all possible operations on the Web 
server and the service hosts, which may only be given 
to, for example, a senior or "super" system administra- 
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tor. Thus, since managing services on the hosts is an 
administration task done through an administration in- 
terface, some type of user authentication is necessary. 
[0007] Although authentication does exist for Web- 
based networks, present implementations and designs 
for user authorization are inefficient and repetitive. The 
authentication referred to here is the verification and au- 
thorization of system or network administrators for man- 
aging services on service hosts in a network from a 
browser on an administration console. Typically each 
service on a service host and its one or more manage- 
ment modules have different authentication mecha- 
nisms or standards. There is no clear standard on a pro- 
tocol or process for implementing authentication and ac- 
cess control in a distributed manner on a Web server 
based system. A system administrator must re-authen- 
ticate every time the administrator signs on to a service 
host since the service hosts are not in communication 
with each other. A browser program can be run on a cli- 
ent running any type of operating system, thus, the 
browser being used by the administrator may not be on 
a UNIX-based client and may not have a known UNIX 
identity. Since the browser does not have a known UNIX 
identity, an identity cannot be communicated from one 
service host to other service hosts. Thus, a system ad- 
ministrator must go through an authentication process 
for each service host since the administrator does not 
have a single or globally recognized identity. 
[0008] Therefore, it would be desirable to manage 
end-user application software and services available on 
a computer network from a central location by having 
any necessary software for managing those applica- 
tions and services automatically registered at the central 
location during installation and accessible from a well- 
known location. It would also be desirable to have an 
authentication mechanism that provides for single sign 
on that functions within the environment of a Web server 
and that server's existing system of user identity and ac- 
cess control. Further, it would be desirable to achieve 
this from a central location and by assigning a universal 
identity to a user managing services from a browser in 
a Web-server based network. 

SUMMARY OF THE INVENTION 

[0009] To achieve the foregoing, and in accordance 
with the purpose of the present invention, a method of 
securing access to a service manager for the adminis- 
tration of services residing on one or more service host 
computers from an administration server computer is 
described. In a preferred embodiment of the present in- 
vention, a user identifier, such as a user name, and a 
corresponding password are provided to the service 
manager, where the user identifier is associated with a 
system administrator having administrative access to 
the services. The service manager authenticates the us- 
er by comparing the user identifier and password 
against a list of user identifiers and corresponding pass- 
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words stored in persistent memory. A list of services to 
which the system administrator has administrative ac- 
cess is derived from the data in persistent memory. 
When the system administrator makes a request to ad- 
5 minister one or more services from the list of services, 
the administrator's access control is verified at the serv- 
ice host computers on which the requested services re- 
side by examining access control data in the persistent 
memory. Management files are transferred from the 
10 service host computers to the administration server 
computer thereby facilitating manipulation of the man- 
agement files utilizing the service manager. 
[0010] In another preferred embodiment, the admin- 
istration server computer is connected to an admin istra- 
'5 tion client computer running a browser program, such 
as a Web browser. The user identifier and password are 
provided to the administration server computer over a 
communications connection between the administration 
client computer and the administration server computer. 
The communications connection between the adminis- 
tration server computer and the administration client 
computer and the connections among the administra- 
tion server computer and the service host computers 
use an Internet protocol, such as TCP/IP. 
[0011] In another aspect of the invention, a system for 
securing access to a service manger for administering 
services on host service computers in a computer net- 
work is described. In a preferred embodiment, the serv- 
ice manager resides on an administration server com- 
puter connected to multiple host service computers, and 
is also connected to an administration client computer. 
A communication connection between the administra- 
tion client computer and the administration server com- 
puter is used for providing a user identifier and password 
to the service manager. The user identifier represents a 
user, typically a system administrator, having adminis- 
trative access to at least one of the services. An authen- 
ticator, under the control of a service manager, com- 
pares the user identifier and password against a list of 
user identifiers and passwords stored in persistent 
memory. An access control mechanism derives a list of 
services to which the system administrator associated 
with the identifier and password has administrative ac- 
cess. A service host verifier, residing at the service host 
computer, verifies that the system administrator is per- 
mitted to access the selected services from the list of 
services by utilizing access control data associated with 
the system administrator stored in the persistent mem- 
ory. A data transfer component transfers management 
files residing on the service host computers to the ad- 
ministration server computer thereby facilitating manip- 
ulation of the management files using the service man- 
ager. 

[0012] In another aspect of the present invention, a 
system for securing administration of services resident 
on service host computers in a computer network from 
an administration server connected to an administration 
client having a browser program and to the service host 
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computers using an Internet protocol, such as TCP/IP, 
is described. In a preferred embodiment, a user profile 
data repository stores data relating to user privileges, 
including a user access level, a list of services, and a 
password. A communication interface having a service 
manager subcomponent residing on the administration 
server accepts a user name and password and passes 
the information to the user profile data repository. A 
component configuration directory that can reside on a 
service host contains component configuration files that 
store management modules belonging to services. The 
management modules contain management data that 
can be used in administering the services. The commu- 
nication interface also has a service host subcomponent 
that resides on the administration server computer that 
accepts the user name and password and passes the 
information the service host computers for verification 
at the service hosts by examining data relating to user 
privileges stored in the user profile data repository. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0013] The invention, together with further advantag- 
es thereof, may best be understood by reference to the 
following description taken in conjunction with the ac- 
companying drawings in which: 
[001 4] Figure 1 is a blockdiagram of a computer net- 
work having multiple servers accessible by end-users 
and connected to an administration server not config- 
ured with the automated management capabilities of the 
present invention. 

[001 5] Figure 2 is a block diagram of server side com- 
ponents of a computer network in accordance with one 
embodiment of the present invention. 
[001 6] Figure 3 is a flowchart showing an overview of 
a process for registering a new service on a network in 
accordance with one embodiment of the present inven- 
tion. 

[0017] Figure 4 is a flowchart showing in greater detail 
step 304 of Figure 3 of registering a service in accord- 
ance with one embodiment of the present invention. 
[0018] Figure 5 is a flowchart showing in greater detail 
step 306 of Figure 3 in accordance with one embodi- 
ment of the present invention. 

[001 9] Figures 6a and 6b are screen shots of a graph- 
ical user interface displayed on the browser host in ac- 
cordance with one embodiment of the present invention. 
[0020] Figure 7 is a screen shot of a graphical user 
interface relating to the access control and authentica- 
tion of a user of the management console program in 
accordance with one embodiment of the present inven- 
tion. 

[0021] Figures 8a and 8b are flowcharts of a process 
for enforcing access control and authorization in the 
management control program in accordance with one 
embodiment of the present invention. 
[0022] Figure 9 is a flowchart showing in greater detail 
step 806 of Figure 8a. 
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[0023] Figure 10 is a block diagram of a typical com- 
puter system suitable for implementing an embodiment 
of the present invention. 

s DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

[0024] Reference will now be made in detail to a pre- 
ferred embodiment of the invention. An example of the 
10 preferred embodiment is illustrated in the accompany- 
ing drawings. While the invention will be described in 
conjunction with a preferred embodiment, it will be un- 
derstood that it is not intended to limit the invention to 
one preferred embodiment. To the contrary, it is intend- 
is ed to cover alternatives, modifications, and equivalents 
as may be included within the spirit and scope of the 
invention as defined by the appended claims. 
[0025] A method and system for managing software 
applications and services from a central location in a 
computer network is described in the various drawings. 
In a large-scale computer network having multiple serv- 
ers and a large end-user base, managing applications 
and software on the network is a time-consuming and 
error-prone task. Typically, a system administrator in- 
stalls a new application or service on a service host, i. 
e., one of the network servers which is normally done at 
the server. Information relating to management of the 
application, in particular the location and names of files 
of management modules, are manually noted by the 
system administrator. This information is then entered 
on an administrator server through an administrator 
console. Once the location of the new application man- 
agement module is known to the administrator sever, for 
example a Web server, end-users can access the new 
application. This process becomes cumbersome and in- 
efficient when there are many servers on the network, 
each having many applications that require frequent up- 
dating, modifying or replacing. This problem is particu- 
larly acute from the end-user's perspective in that the 
expectation that an application be available for use soon 
after it is received is high. The non-automated two-step 
process described increases the time before an appli- 
cation can be available to users on the network. 
[0026] The present invention is a method of automat- 
ing the process of registering new applications and serv- 
ices at a central management location, such as a Web 
server, thereby reducing the amount of information the 
system administrator must remember and making a 
service available to end-users sooner. In the described 
embodiment, the present invention involves having a 
management console program residing on an adminis- 
tration server that manages other servers or service 
hosts on the network, also referred to as management 
clients in the sense that these servers are "clients" of 
the administration server The described embodiment 
also includes a persistent storage area containing a da- 
tabase for storing management information and uses (e. 
g. system or network administrators) authentication in- 
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formation relating to the services on the service hosts 
and a 'well-known" directory associated with each man- 
agement client. In other preferred embodiments, de- 
scribed in more detail below, the storage areas, for ex- 
ample, can be distributed over the network instead of 
being associated with only one server. In another pre- 
ferred embodiment, the management console program 
does not reside entirely on the administration server, but 
can also be distributed between the server and an ad- 
ministrator client machine. These components are 
shown in Figure 2. 

[0027] Figure 2 is a block diagram of server side com- 
ponents of a computer network in accordance with one 
embodiment of the present invention. A server-side con- 
figuration 200 of a complete network (not shown) can 
be viewed as having two sections, a section 202 repre- 
senting an administration side and a section 204 repre- 
senting network servers, or service hosts. Not shown in 
Figure 2 are the network end-users on client machines 
which can typically access network servers 206 to pro- 
vide services or for running applications, or performing 
other network operations. Although the end-users of a 
computer network are one of the beneficiaries of the 
present invention in that services and applications on 
the network are available to them sooner and do not go 
down as often, in the described embodiment the inven- 
tion is used by a system administrator or network man- 
ager (i.e., the user). 

[0028] In the described embodiment, management 
clients 206 are managed through a Web server 208. In 
other preferred embodiments, server 208 can be anoth- 
er type of server, such as a more generic administration 
server, or be a serverthat has other functions depending 
on the size of the network and the capacity of the server. 
In any case, server 208 in the network has the role of 
managing management clients 206. One feature of 
server 208 is that it contains a management console 
program 210, described in greater detail below. Another 
feature of Web server 208 is that it has access to a per- 
sistent storage area database 21 2 that stores service 
management module information. Web server 208 com- 
municates with storage 21 2 through the light-weight di- 
rectory access protocol (LDAP) 214. In other preferred 
embodiments, other data access protocols can be used 
between server 208 and storage area 21 2. Storage area 
21 2 is also accessible by management clients 206. Per- 
sistent storage 21 2 is a reliable database that stores da- 
ta, in the described embodiment, in a hierarchical for- 
mat. In other preferred embodiments, the database can 
be in relational database format or store data in an ob- 
ject-oriented type data repository. In addition, in other 
preferred embodiments, storage 212 can be distributed 
across persistent storage areas part of management cli- 
ents 206, Web server 208, and other persistent storage 
mediums available to the network and accessible by the 
servers. 

[0029] As mentioned, the present invention is used 
primarily by a system administrator. The administrator 



accesses server 208 through a special client adminis- 
trator console 216. In the described embodiment, con- 
sole 216 is equipped with a Web-based browser pro- 
gram that allows the administrator to access server 208 
5 and, more specifically, use management console pro- 
gram 21 0 and storage area 21 2. Server 208 can also be 
referred to as a management console host from the per- 
spective of browser host 216. As will be described in 
greater detail below, a system administrator can use 

io browser host 21 6 to manage software applications and 
services on management clients 206. 
[0030] Management clients 206 can include all or 
some of the servers on the network. Those that are man- 
aged by a system administrator through Web server 208 

15 communicate with storage 21 2 via LDAP. Each manage- 
ment client has one or more services shown at 218 and 
one or more corresponding management modules 
shown at 220 on service host 207. When a new service 
is installed or an existing service is upgraded, an entry 

20 in management module area 220 is altered. As de- 
scribed in greater detail below, this alteration is reflected 
in corresponding entries in persistent storage 212. Al- 
though services 218 are shown separately from man- 
agement modules 220 in Figure 2, the two components 

25 are integral to each other. In other words, a service's 
management module is integrally bound with the main 
body or functional modules of the service. However, the 
two components still have separate roles. Management 
modules 220 are stored in configuration files, a config- 

30 uration component directory is described in greater de- 
tail below. In other preferred embodiments the informa- 
tion in management modules 220 can be stored in other 
formats such as a database or a standard directory that 
also contains other non-management files. 

35 [0031] The remaining components in Figure 2 relating 
to the management console program address authenti- 
cation and access control features. Management con- 
sole program 210 has an authentication layer 222 that 
performs user verification and authorization functions 

40 described in greater detail with regard to Figures 7 to 9 
below. Associated with console host 208 is a Common 
Gateway Interface, or CGI program, used by a Web 
server to execute programs. In the described embodi- 
ment, a CGI program 224 is used to execute programs 

45 from console host 208 and is logically divided in to two 
parts: a management console CGI 226 and a servlet 
CGI 228. Management console CGI 226 communicates 
with management console program 208 and is dis- 
cussed in greater detail with respect to Figures 8a and 

50 8b. Servlet CGI 228 communicates authentication data 
from console host 208 to the service hosts 206, and is 
a component well known in the art. 
[0032] On service hosts 206 is a corresponding au- 
thentication and access control layer 230 that is part of 

55 management module component 220. Authentication 
layer 230 receives data from console host 208 through 
servlet CGI 228. These components are used to ensure 
that a system administrator logging on to use the man- 
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agement console program to manage particular servic- 
es is authorized to manage those services and also al- 
lows a "super" system administrator to add and delete 
administrators and particular privileges in the manage- 
ment console framework. In the described embodiment, 
this functionality is illustrated through a graphical user 
interface shown in Figure 7. Service hosts 206 re-au- 
thenticate a user's access control and authorization with 
persistent data storage 21 2. 

[0033] Figure 3 is a flowchart showing an overview of 
a process for registering a new service on a network in 
accordance with one embodiment of the present inven- 
tion. The flowchart shows the steps taken by a system 
administrator when registering either a new service, up- 
grading a service, or adding a new management client 
to the network. At step 302 a service is installed on a 
particular management client. This is typically done 
through a client machine functioning as a browser host 
and is usually performed by a system administrator. A 
management module, associated with the service, is a 
segment of executable code that is also installed on the 
management client. An example of a management mod- 
ule on a mail server is a module indicating a maximum 
quota per end-user; that is, the maximum amount of 
memory a user can take up. Another example is a Web 
server owned by an ISP (Internet service provider) that 
hosts web sites for its customers. iri this context a man- 
agement module can manage the addition of a new Web 
site on the Web server. 

[0034] The management module can be one of sev- 
eral types. In the described embodiment, the types of 
management modules are browser-based, X-based, 
and command line. A browser-based management 
module is associated with an application that is execut- 
ed in a Web browser. It is anticipated that a large ma- 
jority of the application types will be applications that run 
in a Web browser. An X-based management module is 
typically associated with a stand alone application that 
is run based on the X-protocol, a component of the UNIX 
operating system. These applications are generally not 
run from within a browser but from the operating system 
shell. It is derived from standard and well-known X- win- 
dows, a UNIX-based graphical user interface. A com- 
mand line management module is associated with an 
application which is managed using command lines, but 
can be embedded and executed from a Web browser. 
A command line may or may not have runtime parame- 
ters as is described below. Examples of command line 
commands are "Is" (obtain a list of files), "whoami" (re- 
turn information on current user), and "ps" (provide in- 
formation on performance status) In other preferred em- 
bodiments other types of management modules can be 
installed. 

[0035] At step 304 the system administrator registers 
the service and management modules on the manage- 
ment client. In the described embodiment this is done 
by running a command referred to as mc_reg on the 
management client. By registering the service and man- 
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agement modules, the administration server (server 208 
in Figure 2) is informed of what type of module is being 
installed. Typically, a system administrator registers 
several new services on various management clients. 
5 Thus, steps 302 and 304 are repeated for several serv- 
ices on various management clients. Once a service is 
registered on a service host, certain files referred to as 
component configuration files storing management data 
are created and stored in a component configuration di- 
io rectory on the service host. Step 304 is described in 
greater detail with respect to Figure 4. 
[0036] At step 306 a "discover" routine is initiated 
through a graphical user associated interface associat- 
ed with management console program 210 and is run 
on a service host. This routine allows the management 
console program to register a particular service host. 
The system administrator, for example through browser 
host 216, instructs the management console to go to a 
particular service host or group of service hosts and 
check to see what has been registered. In the described 
embodiment this is done by the management console 
by checking a well-known directory referred to as the 
component configuration directory on the service hosts 
indicated by the system administrator. Step 306 is de- 
scribed in greater detail in Figure 5. In a preferred em- 
bodiment the discover routine can be run locally on the 
service host at the time the service is being installed at 
step 302. The service host can then broadcast the re- 
sults of the remote or auto discover to the management 
console program. In the described embodiment, the 
system administrator can tell the management console 
to go register all the service hosts that were recently 
modified, upgraded, or newly added by the administra- 
tor. In the described embodiment, the management con- 
sole program proceeds to check those service hosts and 
will register any updates by checking the component 
configuration directory. Once all the modified service 
hosts have been registered, end-users can begin using 
the services or applications and the registration process 
is complete. 

[0037] Figure 4 is a flowchart showing in greater detail 
step 304 of Figure 3 of registering a service in accord- 
ance with one embodiment of the present invention. 
Step 304 introduced the process of registering a new 
service on a service host so that the management con- 
sole can later discover that the a new service has been 
registered on that host as instructed by a system admin- 
istrator. At step 402 the service or application type is 
identified to the service host. As described above, in the 
described embodiment, a service can be one of three 
types: browser-based, X-based, and command line. In 
other preferred embodiments, additional types can be 
entered. In the described embodiment, this step is per- 
formed on the service host and is one way of informing 
the management console of the application type. In oth- 
er preferred embodiments, this information can be en- 
tered at the browser host. Information inputted at the 
service host after step 402 depends on the type of serv- 
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ice identified. If the service is Web-based, the flowchart 
proceeds with step 404. At step 404 the system admin- 
istrator enters the location of the service's management 
module on the service host. In the case of Web-based 
services, the location is typically in the form of a Uniform 
Resource Locator, or URL. At step 406 the service type 
and the URL of the management module is saved as 
parameters in a well-known location on the service host. 
In the described embodiment, these two items of infor- 
mation, referred to as components, are saved in a UNIX 
file referred to as a component configuration file in the 
directory referred to as a component configuration di- 
rectory. In other preferred embodiments, other directo- 
ries on the service host can be used to store these com- 
ponents. 

[0038] At step 408 the two components contained in 
a service management module are assigned compo- 
nent identifiers. In the described embodiment, this con- 
sists of two parts: (1) a unique identifier (such as a So- 
laris package name, e.g. SUNWFTP), and (2) a version 
number. Thus, the URL and the service type compo- 
nents are assigned a component identifier and saved in 
a file in the component configuration directory. In addi- 
tion a 'user friendly" name for the service, which up to 
this point has been a unique but lengthy and cryptic 
name, is entered. This user friendly name is the name 
that will be displayed on the graphical user interface, 
described in greater detail with respect to Figure 6 be- 
low. At step 420 the data or components described in 
steps 406 and 408 are stored in an appropriate file in 
the component configuration directory. Thus, after step 
420 all the information needed to perform step 306 of 
Figure 3 (the "discovery - process) for a Web-based type 
service is stored in an appropriate file at a well-known 
directory and the process is complete. 
[0039] Returning to step 402, if the service type is X- 
based, control proceeds with step 410. As described 
above, an X-based type service is typically associated 
with a stand alone application that is run based on the 
X-protocol, a component of the UNIX operating system. 
At step 410, the system administrator enters the path 
necessary to invoke the X-based application. At step 
412 a UNIX user and user group are entered in order to 
invoke the X-based application. Control then goes to 
step 408 where the path, user name, and group are as- 
signed component identifiers. At step 420 the compo- 
nent identifiers are stored in an appropriate file in the 
component configuration directory. 
[0040] For command line type management modules, 
the system administrator enters data similar to the X- 
based type: a path to invoke the command line, and a 
UNIX user and group name necessary to invoke the 
UNIX application, as shown at step 414. At step 416 the 
system administrator determines whether there are any 
runtime parameters in the command (reflected in the 
command line type management module). Those pa- 
rameters are not entered at the time the service is being 
registered but at the time the command is executed or 
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run by the end-user. The graphical user interface is mod- 
ified or customized to reflect whether the end-user can 
enter runtime parameters (e.g. options the user can se- 
lect at the time the service is being used). If there are 
5 runtime parameters, the system administrator supplies 
them in response to a prompt from the management 
console's graphical user interface. At step 418 the sys- 
tem administrator enters static parameters required by 
the command. A command line type management mod- 
10 ule will always have static parameters regardless of 
whether the command has runtime parameters. Control 
then goes to step 408 where all the data is assigned 
component identifiers, as was done for X-based and 
Web-based management modules. The component 

15 identifiers are then saved in files stored in the configu- 
ration component directory at step 420. In the described 
embodiment, the file name has the format of 'compo- 
nent identifier - version number" which facilitates deter- 
mining the number of components that are registered in 

20 the directory where each component has one file. In oth- 
er preferred embodiments, the file name can be in an- 
other formats where there is one file per command, e. 
g. component identifier - command #. . 
[0041] Figure 5 is a flowchart showing in greater detail 

25 step 306 of Figure 3 in accordance with one embodi- 
ment of the present invention. In the described embod- 
iment, a service host has a component software seg- 
ment running that contains all the management modules 
of the services on that service host. The component con- 

30 figuration directory resides in this segment. The service 
host also has a management console framework seg- 
ment that contains code also contained in the manage- 
ment console program residing on the administration 
server. For example, the mc_reg command and ISP re- 

35 mote shell code, a program for remotely executing X- 
based and command line management programs, re- 
side in both the management console and the service 
host. Figure 5 describes a discovery process that 
searches the component software segment on a service 

40 host for management modules that have not yet been 
registered using software in the management console 
framework segment. 

[0042] At step 502 a system administrator specifies a 
service host name or a service name through a graphi- 

45 cal user interface on the browser host. Examples of 
graphical user interfaces used in the described embod- 
iment are shown in greater detail in Figures 6 and 7. As 
described above, there can be many service hosts, each 
of which have several services available. These choices 

so are presented to a system administrator through a user 
interface. Typically an administrator will choose all the 
service hosts that contain services that were recently 
modified or added, and will enter all those service hosts 
at once from the browser host. At step 504 the manage- 

55 ment console host connects to the one or more service 
hosts specified at step 502 to scan a well-known direc- 
tory for component configuration files. In the described 
embodiment the well-known directory is the component 
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configuration directory. The management console com- 
municates with the service host through a standard CGI 
(Common Gateway Interface) program, typically used 
to initiate a Web-based program from a Web server, and 
is well-known in the art. In other preferred embodiments 
the CGI program may not be needed if the administra- 
tion server is not a Web-based server. The scanning is 
performed using a command line program that sends 
commands across a network connection and have them 
executed on the destination server. More specifically, in 
the described embodiment, the commands are execut- 
ed by the management console, over the network con- 
nection, on the service host. In the described embodi- 
ment, this is done using an ISP remote shell protocol. 
Thus, during the scan the UNIX "list files" command, Is, 
is executed in the component configuration directory to 
get a list of the component configuration files. A list of 
files that need to be registered with the management 
console is sent to the administration server. 
[0043] At step 506 the management console exam- 
ines the list of files 'discovered' on all the service hosts 
that were specified in step 502. The same connection 
between the management console and the service 
hosts is then used to retrieve the contents of those files. 
In the described embodiment, the UNIX "concatenate" 
command, cat, is used on the service host to retrieve 
the content of each file. In other preferred embodiments, 
similar commands for retrieving the content of a file in 
other operating systems can be used. Once the con- 
tents of each file to be registered are retrieved from the 
service hosts, the content of each individual file is 
parsed using standard and well-known parsing tech- 
niques by the management console on the administra- 
tion server. In the described embodiment, a component 
configuration file is flat ASCII file. By parsing the content 
of a file, the file's user friendly name, component iden- 
tifiers, and other command execution information are 
identified for each file. In the described embodiment, this 
information reflects the information that was saved in the 
component configuration directory for each of the three 
management module types as shown in Figure 4. 
[0044] At step 508 the data parsed from the compo- 
nent configuration files is stored on a persistent storage 
area. As described above, a component configuration 
file contains all the information that is needed to launch 
a corresponding service. This information is now stored 
in a database on persistent storage accessible by the 
management console program and by the service hosts. 
A system administrator can now manage a service 
through the management console by modifying the con- 
tent of that service' management data stored in the per- 
sistent and reliable database. In the described embod- 
iment, data on the persistent storage remains when the 
network is down or when the management console is 
not active, and is accessible through the light-weight di- 
rectory access protocol (LDAP). In other preferred em- 
bodiments, alternative access protocols can be used 
depending on the type of storage being used and the 



network. 

[0045] Figures 6a through 6c are screen shots of a 
graphical user interface displayed on the browser host 
in accordance with one embodiment of the present in- 
s vention. Figure 6a is an initial screen shot of the "Reg- 
ister Services" user interface. A window 602 contains a 
text entry sub-window 604 in which a system adminis- 
trator enters the name of a service host on which serv- 
ices the administrator wants to manages reside. In the 
io described embodiment there is an area to enter one 
service host. In other preferred embodiments an admin- 
istrator can enter more than one service host. Also 
shown in text entry sub-window 606 in which an admin- 
istrator can enter a service host name that contains 
is services the administrator wants to unregister. Once the 
choices have been entered, the user can click on button 
608 to retrieve a list of services that the user is author- 
ized to manage on that service host. The administrator 
can also press button 610 to retrieve a list of services 
20 on that service host which can be unregistered. 

[0046] Figure 6b is a screen shot showing another 
segment of the "Register Services" user interface. This 
graphical user interface allows a system administrator 
to select services that the administrator is authorized to 
25 manage. User authorization and access control is de- 
scribed in greater detail below A list of services 612 is 
displayed in a window 61 4. List 61 2 is derived from data 
relating to the user stored in the database and contains 
those services available on the service host entered in 
30 field 604 of Figure 6a. The system administrator selects 
those services he wants to manage or access. In the 
described embodiment this is shown with an asterisk to 
the left of the service name, such as the Sun News (TM) 
service 61 6. Once the service or services have been se- 
35 lected, the user clicks on the "Register Services Select- 
ed Above" bar 618. In the described embodiment this is 
done using a pointing device such as a mouse or track 
ball and is implemented in a window environment. In 
other preferred embodiments, a non-graphical user in- 
40 terface, such as a simple text based interface or a more 
sophisticated voice-recognition based interface can be 
used to enter this information, as well as the information 
described below with respect to the other screens. 
[0047] As described above, a management console 
45 program of the present invention includes a "single sign- 
on" method of user authentication and access control 
that benefit from having a central management console 
for managing services on multiple service hosts in a dis- 
tributed Web-based network. Presently in Web-based 
50 networks a system administrator responsible for main- 
taining services available on multiple service hosts must 
re-authenticate and pass the administrator's credentials 
to each service host to which the administrator logs on. 
This is true since the administrator, operating from a 
55 browser, does not have a single, universal identity that 
can be used for authentication. Here authentication re- 
fers to verifying credentials and authorizations of a user 
before being allowed to manage a particular service 
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host or, more specifically, perform operations for man- 
aging services on a particular service host. It is neces- 
sary to have a consistent understanding throughout the 
network of who the user is and what that user is allowed 
to do on the service hosts. 

[0048] The present invention allows centralized man- 
agement and user single sign on for authentication re- 
lating to management of services on service hosts from 
a browser host. The management console program 210 
of Figure 2 contains an authorization and access control 
component or layer 222. This authorization layer ac- 
cesses user data from database 21 2 for verification and 
communicates this information to corresponding author- 
ization or authentication layers 230 on a service host 
206. The information is handled and transmitted to each 
service host a system administrator wants to manage, 
without having the administrator re-authenticate on 
each individual service host. 

[0049] Information relating to each user is stored in 
database 212 and information entered by a user is au- 
thenticated against this information. The information, or 
credentials, if verified, is passed through a CGI program 
to the service hosts indicated by the user. Once received 
by the service hosts the information is re-authenticated 
against the user profile in the database on behalf of the 
system administrator; in other words, this is done 'be- 
hind the scenes' without inferventibn or any extra steps 
from the user. The user only has to log on [i.e. enter 
certain information such as name and password) to the 
management console through a browser once and this 
information is passed on to the service hosts automati- 
cally. 

[0050] Figure 7 is a screen shot of a graphical user 
interface relating to the access control and authentica- 
tion of a user of the management console program in 
accordance with one embodiment of the present inven- 
tion. A window 702 has the heading "Manage Adminis- 
trators." This window is used to enter new administra- 
tors and associated passwords and services the new 
administrator will be allowed to manage. Within window 
702 is a sub-window 704 for entering an administrator 
name and sub-windows 706 and 708 for entering and 
reentering a password. In the lower portion of window 
702, another sub-window 710 contains a list of sen/ices 
from which the administrator entered in sub-window 704 
will be allowed to manage. Once the services are se- 
lected by the managing or "super" administrator, the but- 
ton 712 is pressed. 

[0051 ] Figures 8a and 8b are flowcharts of a process 
for enforcing access control and authorization in the 
management control program in accordance with one 
embodiment of the present invention. The enforcement 
process begins with a user pointing the browser host (/. 
e. administration console 216 of Figure 2) to a URL of 
the management console host. Thus, at step 802 the 
user enters the URL of the console host from the brows- 
er host. The URL for the management console is in the 
form of a standard URL in a Web-based network. In oth- 



er preferred embodiments, other types of locators can 
be used depending on the type of network. 
[0052] At step 804 the administrator/user is chal- 
lenged for a user name and password for access to the 

s management console program on the console host. At 
step 806 the management console accepts the user 
name and password entered in step 804 and the user 
is authenticated. This step is described in greater detail 
in Figure 9. The management console displays the serv- 

10 ices on a selected service host as shown in area 61 2 of 
Figure 6 that the user is authorized to manage by ex- 
amining data in database 21 2. This is done by using the 
management console segment of the CGI as shown in 
Figure 2. In the described embodiment, an administra- 

15 tor's authorization is defined in terms of services that the 
administrator is allowed to manage. During this step the 
management console constructs a URL for each service 
and host that the administrator is allowed to manage. 
This process is also described in greater detail with re- 

20 spect to Figure 9. The URLs allows the console host to 
locate each service host and service that can be man- 
aged by the administrator. 

[0053] At step 808 the user selects an instance of a 
service (i.e. a particular service from a service host) that 

25 the user wants to manage* A service can reside on sev- 
eral different service hosts so the user must choose an 
instance of a service from a particular service host.. By 
selecting the user friendly name the user has selected 
one of the URLs constructed in step 806. At step 810 

30 the management console host initiates the sen/let CGI 
component of the CGI. In the described embodiment, 
this is done by comparing the user credentials or profile 
against the user's authentication and access control da- 
ta in the database. This verification is performed before 

35 a connection is made to the service host by servlet CGI 
224 as an extra precaution against users trying to man- 
age services on that service host without going through 
management console host 208. Since this is a network 
environment, it is possible for a user to bypass the con- 

40 sole host verification steps and attempt to access serv- 
ices on a service host directly from a client machine, in- 
stead of from browser host 216 of Figure 2. Thus, the 
user credentials are compared against the user data 
stored in database 212 by the servlet CGL 

45 [0054] At step 812 the servlet CGI uses a standard 
procedure for passing the user credentials to the service 
host or hosts indicated by the user. In the described em- 
bodiment, once the data is received, the service host 
performs authentication and access control using the 

so data by comparing it against data in the database. In 
other preferred embodiments, this step may not be nec- 
essary depending on independent security features 
available on the particular network implementing the 
management console program. This re-authentication 

55 is done without any intervention from the user and is per- 
formed to ensure that a user is not attempting to log on 
directly to the service host thereby circumventing the au- 
thentication and access control layer of the manage- 
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ment console host. Thus, by performing a second check 
against the database without requiring the user to per- 
form any extra operations, the management console 
can ensure secure management of services in the net- 
work. If the re-authentication is successful at step 814, 
management console program on the console host al- 
lows the user to perform management operations on the 
selected service or services from the browser as shown 
at step 816 at which point the enforcement process is 
complete. If the re-authentication is not successful, the 
user is denied authority to manage the selected service 
and is shown the login screen again. 
[0055] Figure 9 is a flowchart showing in greater detail 
step 806 of Figure 8a. In step 806 the user is authenti- 
cated and the services that the user is authorized to ac- 
cess are determined and the URLs to each of those 
services are constructed. At step 902 the management 
console host authenticates the user by retrieving infor- 
mation relating to the user from the database. This in- 
formation consists of the user's name and password. 
Once the user name and password are verified, a list of 
services that the user is authorized to manage is de- 
rived. At step 904 the console host initiates the manage- 
ment console segment 226 of the CGI program with the 
user credentials which were verified at step 902. As de- 
scribed above, this is the. first step in establishing a link 
with a service host. 

[0056] The other component of the CGI is the servlet 
CGI (item 224 of Figure 2) is used to establish the con- 
nection with the service host. At step 906 the manage- 
ment console CGI queries database 212 of Figure 2 to 
obtain the list of services the user is authorized to man- 
age. Links to these services are constructed in the form 
of URLs to all the services on the list. The database con- 
tains an entry for each user that contains information 
including the user's name, password, level (e.g. super 
system administrator), and a list of services that the user 
is allowed to manage. A super system administrator can 
manage all services and define access control param- 
eters for the other users (e.g. junior system administra- 
tors). The list of services contains "user friendly" names 
of the services (also contained in the database) instead 
of the services URL. Control then returns to step 806 of 
Figure 8a where the user selects which services he 
wants to manage from the list of services. 
[0057] The present invention employs various com- 
puter-implemented operations involving data stored in 
computer systems. These operations include, but are 
not limited to, those requiring physical manipulation of 
physical quantities. Usually, though not necessarily, 
these quantities take the form of electrical or magnetic 
signals capable of being stored, transferred, combined, 
compared, and otherwise manipulated. The operations 
described herein that form part of the invention are use- 
ful machine operations. The manipulations performed 
are often referred to in terms, such as, producing, iden- 
tifying, running, determining, comparing, executing, 
downloading, or detecting. It is sometimes convenient, 



principally for reasons of common usage, to refer to 
these electrical or magnetic signals as bits, values, ele- 
ments, variables, characters, data, or the like. It should 
remembered, however, that all of these and similar 
s terms are to be associated with the appropriate physical 
quantities and are merely convenient labels applied to 
these quantities. 

[0058] The present invention also relates to a device, 
system or apparatus, such as browser host 216 and 

10 management console host 208 for performing the afore- 
mentioned operations. The system may be specially 
constructed for the required purposes, or it may be a 
general purpose computer selectively activated or con- 
figured by a computer program stored in the computer. 

is The processes presented above are not inherently re- 
lated to any particular computer or other computing ap- 
paratus. In particular, various general purpose comput- 
ers may be used with programs written in accordance 
with the teachings herein, or, alternatively, it may be 

20 more convenient to construct a more specialized com- 
puter system to perform the required operations. 
[0059] Figure 10 is a block diagram of a general pur- 
pose computer system 1 000 suitable for carrying out the 
processing in accordance with one embodiment of the 

25 present invention. The management console program 
including the authentication and access control layer 
can resides on such a general purpose computer. In ad- 
dition, browser host 216 can be such a general purpose 
computer. Figure 10 illustrates one embodiment of a 

30 general purpose computer system. Other computer sys- 
tem architectures and configurations can be used for 
carrying out the processing of the present invention. 
Computer system 1000, made up of various subsys- 
tems described below, includes at least one microproc- 

35 essor subsystem (also referred to as a central process- 
ing unit, or CPU) 1002. That is, CPU 1002 can be im- 
plemented by a single-chip processor or by multiple 
processors. CPU 1 002 is a general purpose digital proc- 
essor which controls the operation of the computer sys- 

40 tern 1 000. Using instructions retrieved from memory, the 
CPU 1002 controls the reception and manipulation of 
input data, and the output and display of data on output 
devices. 

[0060] CPU 1002 is coupled bi-directionally with a first 
45 primary storage 1004, typically a random access mem- 
ory (RAM), and uni-directionalty with a second primary 
storage area 1006, typically a read-only memory 
(ROM), via a memory bus 1008. As is well known in the 
art, primary storage 1004 can be used as a general stor- 
50 age area and as scratch-pad memory, and can also be 
used to store input data and processed data. It can also 
store programming instructions and data, for example 
in the form of a hierarchical database such as database 
212 in addition to other data and instructions for proc- 
55 esses operating on CPU 1002, and is used typically 
used for fast transfer of data and instructions in a bi- 
directional manner over the memory bus 1008. Also as 
well known in the art, primary storage 1006 typically in- 
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eludes basic operating instructions, program code, data 
and objects used by the CPU 1002 to perform its func- 
tions. Primary storage devices 1004 and 1006 may in- 
clude any suitable computer-readable storage media, 
described below, depending on whether, for example, 
data access needs to be bi-directional or uni-directional. 
CPU 1 002 can also directly and very rapidly retrieve and 
store frequently needed data in a cache memory 1010. 
[0061] A removable mass storage device 1012 pro- 
vides additional data storage capacity for the computer 
system 1000, and is coupled either bi-directionally or 
uni-directional ly to CPU 1002 via a peripheral bus 1014. 
For example, a specific removable mass storage device 
commonly known as a CD-ROM typically passes data 
uni-directionally to the CPU 1002, whereas a floppy disk 
can pass data bi-directionally to the CPU 1002. Storage 
1012 may also include computer-readable media such 
as magnetic tape, flash memory, signals embodied on 
a carrier wave, PC-CARDS, portable mass storage de- 
vices, holographic storage devices, and other storage 
devices. A fixed mass storage 1016 also provides addi- 
tional data storage capacity and is coupled bi-direction- 
ally to CPU 1002 via peripheral bus 1014. The most 
common example of mass storage 1016 is a hard disk 
drive. Generally, access to these media is slower than 
access to primary storage 1 004 and 1 006. Mass storage 
1012 and 1016 generally store additional programming 
instructions, data, and the like that typically are not in 
active use by the CPU 1002. It will be appreciated that 
the information retained within mass storage 1012 and 
1016 may be incorporated, if needed, in standard fash- 
ion as part of primary storage 1 004 (e.g. RAM) as virtual 
memory. 

[0062] In addition to providing CPU 1002 access to 
storage subsystems, the peripheral bus 1014 is used to 
provide access other subsystems and devices as well. 
In the described embodiment, these include a display 
monitor 1018 and adapter 1020, a printer device 1022, 
a network interface 1024, an auxiliary input/output de- 
vice interface 1026, a sound card 1028 and speakers 
1030, and other subsystems as needed. 
[0063] The network interface 1024 allows CPU 1002 
to be coupled to another computer, computer network, 
or telecommunications network using a network con- 
nection as shown. Through the network interface 1024, 
it is contemplated that the CPU 1002 might receive in- 
formation, e.g., data objects or program instructions, 
from another network, or might output information to an- 
other network in the course of performing the above-de- 
scribed method steps. Information, often represented as 
a sequence of instructions to be executed on a CPU, 
may be received from and outputted to another network, 
for example, in the form of a computer data signal em- 
bodied in a carrier wave. An interface card or similar de- 
vice and appropriate software implemented by CPU 
1 002 can be used to connect the computer system 1 000 
to an external network and transfer data according to 
standard protocols. That is, method embodiments of the 



present invention may execute solely upon CPU 1002, 
or may be performed across a network such as the In- 
ternet, intranet networks, or local area networks, in con- 
junction with a remote CPU that shares a portion of the 
s processing. Additional mass storage devices (not 
shown) may also be connected to CPU 1002 through 
network interface 1024. 

[0064] Auxiliary I/O device interface 1026 represents 
general and customized interfaces that allow the CPU 

io 1 002 to send and, more typically, receive data from oth- 
er devices such as microphones, touch-sensitive dis- 
plays, transducer card readers, tape readers, voice or 
handwriting recognizors, biometrics readers, cameras, 
portable mass storage devices, and other computers. 

is [0065] Also coupled to' the CPU 1002 is a keyboard 
controller 1032 via a local bus 1034 for receiving input 
from a keyboard 1036 or a pointer device 1038, and 
sending decoded symbols from the keyboard 1036 or 
pointer device 1038 to the CPU 1002. The pointer de- 

20 vice may be a mouse, stylus, track ball, or tablet, and is 
useful for interacting with a graphical user interface. 
[0066] In addition, embodiments of the present inven- 
tion further relate to computer storage products with a 
computer readable medium that contain program code 

2S for performing various computer-implemented opera- 
tions. The computer-readable medium is any data stor- 
age device that can store data which can thereafter be 
read by a computer system. The media and program 
code may be those specially designed and constructed 

30 for the purposes of the present invention, or they may 
be of the kind well known to those of ordinary skill in the 
computer software arts. Examples of computer-reada- 
ble media include, but are not limited to, all the media 
mentioned above: magnetic media such as hard disks, 

35 floppy disks, and magnetic tape; optical media such as 
CD-ROM disks; magneto-optical media such as floptical 
disks; and specially configured hardware devices such 
as application-specific integrated circuits (ASICs), pro- 
grammable logic devices (PLDs), and ROM and RAM 

40 devices. The computer-readable medium can also be 
distributed as a data signal embodied in a carrier wave 
over a network of coupled computer systems so that the 
computer-readable code is stored and executed in a dis- 
tributed fashion. Examples of program code include 

45 both machine code, as produced, for example, by a 
compiler, or files containing higher level code that may 
be executed using an interpreter. 
[0067] It will be appreciated by those skilled in the art 
that the above described hardware and software ele- 

50 ments are of standard design and construction. Other 
computer systems suitable for use with the invention 
may include additional or fewer subsystems. In addition, 
memory bus 1008, peripheral bus 1014, and local bus 
1034 are illustrative of any interconnection scheme 

55 serving to link the subsystems. For example, a local bus 
could be used to connect the CPU to fixed mass storage 
1016 and display adapter 1020. The computer system 
shown in Figure 1 0 is but an example of a computer sys- 



11 



21 



EP 0 977 399 A2 



22 



tern suitable for use with the invention. Other computer 
architectures having different configurations of subsys- 
tems may also be utilized. 

[0068] Although the foregoing invention has been de- 
scribed in some detail for purposes of clarity of under- 5 
standing, it will be apparent that certain changes and 
modifications may be practiced within the scope of the 
appended claims. Furthermore, it should be noted that 
there are alternative ways of implementing both the 
process and apparatus of the present invention. For ex- io 
ample, although the invention has been described using 
a Web server as the administration server, a non-Web 
based server can also be used to run the management 
console program. In another example, database 212 
can be a distributed database stored on the console host is 
and various service hosts rather than at a single persist- 
ent database. In yet another example, data retrieval pro- 
tocols other than LD AP can be used to retrieve data from 
database 212 or from a flat file stored on a persistent 
storage area. In yet another example, the discover rou- 20 
tine can be run 'locally" on a service host while the serv- 
ice is being installed instead of at a later time on the 
console host. Accordingly, the present embodiments 
are to be considered as illustrative and not restrictive, 
and the invention is not to be limited to the details given 25 
herein, but may be modified within the scope and equiv- 
alents of the appended claims. 



Claims 30 

1. A method of securing access to the administration 
of a plurality of distinct services residing on one or 
more service host computers from an administra- 
tion server computer connected to the one or more 35 
service host computers, there being a service man- 
ager residing on the administration server compu- 
ter, the method comprising: 

providing a selected user identifier and a cor- 40 
responding private keyword, the user identifier 
being arranged to identify a user having admin- 
istrative access to at least one of the distinct 
services; 

authenticating the user by comparing the se- 45 
lected user identifier and the corresponding pri- 
vate keyword against a plurality of user identi- 
fiers and private keywords stored in a persistent 
r storage area, the comparing performed under 

control of the service manager; so 
deriving a list of services to which the user as- 
sociated with the user identifier has administra- 
tive access; 

when a request is made to administer a select- 
ed one of the services in the derived list of serv- 55 
ices, verifying at the service host computer as- 
sociated with the selected service that the user 
associated with the selected user identifier is 



permitted to access the selected service by ex- 
amining access control data associated with 
the selected user identifier in the persistent 
storage area; and 

transferring one or more management files on 
the service host computer to the administration 
server thereby facilitating manipulation of the 
management files utilizing the service manag- 
er. 

2. A method as recited in claim 1 wherein the admin- 
istration server computer is connected to an admin- 
istration client computer suitable for running a 
browser program and wherein the selected user 
identifier and the corresponding private keyword 
are provided over a communications connection be- 
tween the administration client computer and the 
administration server computer, the communica- 
tions connections among the administration server 
computer, the administration client computer and 
the one or more service host computers utilizing an 
Internet protocol. 

3. A method as recited in claim 1 wherein providing a 
selected user identifier and a corresponding private 
keyword further comprises logging on to the service 
manager through the administration client compu- 
ter. 

4. A method as recited in claim 1 wherein authenticat- 
ing the user further comprises utilizing a lightweight 
directory access protocol to communicate the user 
identifier and corresponding private keyword to the 
persistent storage area. 

5. A method as recited in claim 1 wherein each user 
identifier has a corresponding user profile that rep- 
resents a global user identity corresponding to a 
particular service manager user. 

6. A method as recited in claim 1 wherein deriving a 
list of services further comprises searching the per- 
sistent storage area, the persistent storage area 
containing a user profile database including, for 
each user, a user access level, a list of allowable 
services, and a password. 

7. A method as recited in claim 1 wherein verifying at 
the service host computer that the user associated 
with the selected user identifier is permitted to ac- 
cess the selected service from the list of services 
further comprises communicating the selected user 
identifier and the corresponding private keyword to 
the host server computer using a common gateway 
interface. 

8. A method.as recited in claim 1 wherein the service 
host computer contains an authentication and ac- 
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cess control segment. 

9. A method as recited in claim 1 wherein the selected 
user identifier and the corresponding private key- 
word are automatically passed to the one or more s 
service host computers for use in . 

10. A method as recited in claim 1 further comprising 
displaying the list of services in a user interface dis- 
played on the administration client computer. io 

11. A method as recited in claim 1 further comprising 
constructing a service locator by the management 
console program for locating a service on a host 
server computer. is 

12. A method as recited in claim 1 wherein transferring 
one or more management files on the host server 
to the administration server further comprises initi- 
ating a common gateway interface on the adminis- 20 
tration server computer thereby enabling the trans- 
fer of one or more management files and a plurality 

of operating system commands. 

1 3. A system for securing administration of services re- 25 
siding on one or more service host computers from 

an administration server computer, the administra- 
tion server computer connected to an administra- 
tion client having a browser-type program and to the 
one or more service host computers using an Inter- 30 
net protocol, the system comprising: 

a user profile data repository for storing data 
relating to user privileges, the data including, 
for each user, a user access level, a list of serv- 35 
ices, and a password; 

a service manager subcomponent of a commu- 
nication interface residing on the administration 
server computer for accepting a user identifier 
and a corresponding keyword and passing the 40 
user identifier and the corresponding keyword 
to the user profile data repository; 
a component configuration directory suitable 
for residing on the one or more service hosts 
containing component configuration files for 45 
storing management modules associated with 
the plurality of services, the management mod- 
ules containing management data utilized in 
administering the plurality of services; 
a service host subcomponent of the communi- 50 
cation interface residing on the administration 
server computer for accepting the user identifi- 
er and the corresponding keyword and passing 
the user identifier and the corresponding key- 
word to the plurality of service host computers 55 
for verification by examining data relating to us- 
er privileges stored in the user profile data re- 
pository. 



14. A system for securing access to the administration 
of a plurality of distinct services residing on one or 
more service host computers from an administra- 
tion server computer connected to the one»or more 
service host computers and to an administration cli- 
ent computer, there being a service manager resid- 
ing on the administration server computer, the sys- 
tem comprising: 

a communication connection between the ad- 
ministration client computer and the adminis- 
tration server computer that can be used for 
providing a selected user identifier and a cor- 
responding private keyword to the service man- 
ager, the user identifier being arranged to iden- 
tify a user having administrative access to at 
least one of the services; 
an authenticator configured for authenticating 
the user by comparing the selected user iden- 
tifier and the corresponding private keyword 
against a plurality of user identifiers and private 
keywords stored in a persistent storage area, 
the comparing performed under control of the 
service manager; 

an access control mechanism for deriving a list 
of services to which the user associated with 
the user identifier has administrative access; 
a service host verifier for verifying that the user 
associated with the selected user identifier is 
permitted to access a selected one of the serv- 
ices in the derived list of services, the verifier 
residing at the service host computer associat- 
ed with the selected service and utilizing ac- 
cess control data associated with the selected 
user identifier in the persistent storage area; 
and 

a data transfer component for transferring one 
or more management files on the service host 
computer to the administration server computer 
thereby facilitating manipulation of the man- 
agement files utilizing the service manager. 

15. A computer readable medium configured to store 
computer programming instructions for securing 
access to the administration of a plurality of distinct 
services residing on one or more service host com- 
puters from an administration server computer con- 
nected to the one or more service host computers, 
there being a service manager residing on the ad- 
ministration server computer, the computer reada- 
ble medium comprising: 

computer programming instructions for provid- 
ing a selected user identifier and a correspond- 
ing private keyword, the user identifier being ar- 
ranged to identify a user having administrative 
access to at least one of the distinct services; 
computer programming instructions forauthen- 



13 



25 EP 0 977 399 A2 

ticating the user by comparing the selected us- 
er identifier and the corresponding private key- 
word against a plurality of user identifiers and 
private keywords stored in a persistent storage 
area, the comparing performed under control of s 
the service manager; 

computer programming instructions for deriv- 
ing a list of services to which the user associ- 
ated with the user identifier has administrative 
access; 10 
when a request is made to administer a select- 
ed one of the services in the derived list of serv- 
ices, computer programming instructions for 
verifying at the service host computer associ- 
ated with the selected service that the user as- '5 
sociated with the selected user identifier is per- 
mitted to access the selected service by exam- 
ining access control data associated with the 
selected user identifier in the persistent storage 
area; and 20 
computer programming instructions for trans- 
ferring one or more management files on the 
service host computer to the administration 
server thereby facilitating manipulation of the 
management files utilizing the service manag- 25 
er. 



30 



35 



40 



45 



50 



55 



14 



EP 0 977 399 A2 




EP 0 977 399 A2 




16 



EP 0 977 399 A2 



REGISTER 
NEW SERVICE 



1 


t 


INSTALL SERVICE AND 
MANAGEMENT MODULE ON 
SERVICE HOST 






REGISTER SERVICE ON 

SERVICE HOST 
(e.g. run mc_reg command) 






USE MANAGMENT CONSOLE 
TO RUN "DISCOVER" ON 
SERVICE HOST 







c 



DONE 




FIG. 3 



17 



EP 0 977 399 A2 




18 



EP 0 977 399 A2 



C RUNNING 
DISCOVER ON 
SERVICE HOST 



USER ENTERS ONE OR 
MORE SERVICE HOST 
NAMES ON BROWSER 
CONSOLE 



MANAGEMENT CONSOLE 

PROGRAM SCANS 
WELL-KNOWN DIRECTORY 
FOR APPROPRIATE FILES 



FOR EACH FILE DISCOVERED, 
RETRIEVE FILE CONTENTS 
AND PARSE CONTENTS 
ON CONSOLE HOST 



LOAD PARSED DATA INTO 
PERSISTENT STORAGE 
(e.g. DATA BASE) 



C^oneJ^) 



FIG. 5 



19 



EP 0 977 399 A2 



% Vkw <^o CofWiunicalor 



wsrt RetoaJ Home Search Guide Print Security Stop 
ofcnvrts Locaton: jhttp: //shower: 50030 /ispmc 



3e Admin istrators 

ter Services 

ie Services 

nure Sun^ Internet 
nistrator 

it 



\ 



Host on 



Register Services 

t Wnich to register services 



iRe*gister Hostl 

■* * 



Host on which to unregister services: /" © * u 



Unregister Host! ; 



20 



EP 0 977 399 A2 




FlCr.Cb 



ninistrators 



Register Services 



vices 



:oi 



vices 



unlfl Internet 



Ser vices available to register on shower 
sample X (X) 

Sun Web Site (2tier) ^6\lL. "r 



6li 



Sample CLI (CLI) ^ \ 
sample servlet (3tier) 

* Sun Nevvs(TM) (3tierK^ 16 j 

* Sun Internet Services Monitor (2tier); 

* Sun Webserver (2tier) ! 
finger (3tier) j 
SNY CLI (CLI) j 

*An asterisk indicates that a service is already regist- 
!Reg ister^SeryiceslSelectedyAbo.ve :\ 



■Register ALL5ervices i 



Host on which to register services: 



Host on which to unregister services: 



II 



21 



EP 0 977 399 A2 



*wstf Reload Home Search Qwte Flint Secuity Stop 



ol/naks Location: pit tp: //shower: 50030 /ispmc 




ne Administrators 

ter Services 

ie Services 

gure Sun 1 ^ Internet 
nistrator 

it 



10X 



Manage Administrators 



Add Administrator 
Name |jt 

Password 

Retype Password 



70H 



itest 



Select services administrator 'test' shall be allowed to i 



Sun(TM) Internet Administrate 



Sample CLI YesYes 
Sample CLI YesNo 
Sun News(TM) 
SunDS 

Sun Internet Services Monitor 

Sun Webserver 

Sun(TM)FTP 

sample X 

Sun Web Site ' 



?/0 



3 



22 



EP 0 977 399 A2 



FIG. 8a 



USER ACCESS 
ENFORCEMENT 




USER ENTERS MANAGEMENT 
CONSOLE UNIFORM LOCATOR 
FROM BROWSER HOST 



802 



USER CHALLENGED FOR 
USER NAME AND PASSWORD 



804 



MANAGEMENT CONSOLE LISTS 
SERVICES (URL CONSTRUCTED 
FOR SERVICES AND HOSTS) 



806 



USER SELECTS DESCRIPTIVE NAME 
DESIRED TO BE MANAGED 



808 




23 



EP 0 977 399 A2 

FIG. 8b 







ADMINISTRATION SERVER 
INITIATES CGI WITH USER 
CREDENTIALS 










CGI (SERVLET CGI) PASSES 
CREDENTIALS TO SERVICE HOST 


812 








SERVICE HOST PERFORMS 
AUTHENTICATION AND ACCESS 
CONTROL AGAINST DATABASE 


814 



PERFORM SELECTED 
MANAGEMENT FEATURE 



816 



(^^DONE 



24 




EP0 977 399 A2 



FIG. 9 



806 



USER AUTHENTICATION 
BY MNGT. CONSOLE 




ADMINISTRATION SERVER 
AUTHENTICATES USER 
CREDENTIALS 




ADMINISTRATION SERVER STARTS 
MANAGEMENT CONSOLE CGI WITH 
USER CREDENTIALS 



904 



MANAGEMENT CONSOLE CGI 
QUERIES DATABASE TO CONSTRUCT 
LINKS TO SERVICES (ON HOSTS) 


1 





906 




808 




25 



EP 0 977 399 A2 




26 



This Page is Inserted by IFW Indexing and Scanning 
Operations and is not part of the Official Record 



Defective images within this document are accurate representations of the original 
documents submitted by the applicant. 

Defects in the images include but are not limited to* the items checked: 

□ BLACK BORDERS 

□ IMAGE CUT OFF AT TOP, BOTTOM OR SIDES 



□ BLURRED OR ILLEGIBLE TEXT OR DRAWING 

□ SKEWED/SLANTED IMAGES 

□ COLOR OR BLACK AND WHITE PHOTOGRAPHS 

□ GRAY SCALE DOCUMENTS 

□ LINES OR MARKS ON ORIGINAL DOCUMENT 

□ REFERENCE(S) OR EXHIBIT(S) SUBMITTED ARE POOR QUALITY 

□ OTHER: 

IMAGES ARE BEST AVAILABLE COPY. 
As rescanning these documents will not correct the image 
problems checked, please do not report these problems to 
the IFW Image Problem Mailbox. 



BEST AVAILABLE IMAGES 




FADED TEXT OR DRAWING 



